A conventional information processing system is known that has a cluster configuration in which multiple nodes each having at least a CPU and a memory are connected using a LAN or InfiniBand and Operating Systems (OSs) included in the nodes are executed. With an information processing system having this cluster configuration, each of CPUs shares a memory in a node and executes processes in parallel.
FIG. 33 is a schematic diagram illustrating an information processing system having a cluster configuration. In the example illustrated in FIG. 33, the information processing system includes nodes 50 to 52 that are connected by a LAN or the InfiniBand with each other. The node 50 includes a memory 50a, an OS 50b, and a central processing unit (CPU) 50c. Similarly, the node 51 includes a memory 51a, an OS 51b, and a CPU 51c. The node 52 includes a memory 52a, an OS 52b, and a CPU 52c. 
The nodes 50 to 52 executes the OS 50b to 52b, respectively, and each of the OS 50b to 52b is independent in each node, thereby preventing a failure occurring in one of the OSs 50b to 52b from being propagated to the entire information processing system. Furthermore, one or more CPUs 50c to 52c included in the nodes 50 to 52, respectively, share the memories 50a to 52a in each node and access, via the LAN or the InfiniBand, the memory included in the other node.
FIG. 34 is a schematic diagram illustrating memory access between nodes. For example, the node 50 transmits memory access request issued by an application, which is running in the node 50, to the node 51 via a driver, the OS, and hardware. By doing so, the node 51 reports the request received from the node 50 to an application in the node 51 via the hardware, the OS, and the driver and allows the application to execute the memory access.
At this point, in the information processing system having a cluster configuration, because the memory access is executed via the application in the node to be accessed, the latency of the memory access increases and thus the architecture of the application is complicated. Accordingly, there is a known information processing system having a shared memory configuration in which multiple nodes are connected by an interconnection and the application in each node directly accesses memories that perform mapping onto the same memory address space.
FIG. 35 is a schematic diagram illustrating an information processing system that uses a shared memory configuration technology. In the example illustrated in FIG. 35, a node 53 is connected to a node 54 by an interconnect and a remote memory is mapped on an address space that can be directly accessed by the application executed by each of the node 53 and the node 54. The applications executed by the nodes 53 and 54 each issue memory access request with respect to the remote memory, similarly to the memory access with respect to the memory in each node.
Furthermore, there is a known technology for preventing, by setting a storage key for accessing a memory storage area, an unauthorized access to a memory area that is not to be accessed by an application. FIG. 36 is a schematic diagram illustrating a function for preventing unauthorized memory access. For example, in the example illustrated in FIG. 36, an OS previously sets a 4-bit storage key in the memory area for 2 kilobytes or 4 kilobytes. Furthermore, when the OS sets a program counter, the OS sets, in a program status word, a storage key for the memory area used by the application as an access key.
Then, an instruction unit reads the program counter and issues memory access request to memory access unit. Furthermore, when the memory access unit obtains the memory access request from the instruction unit, the memory access unit determines whether the access key that is set in the program status word matches the storage key.
If the memory access unit determines that the storage key does match the access key, the memory access unit permits the memory access and outputs, to the instruction unit, data that is stored in the memory area to be accessed. Furthermore, if the storage key does not match the access key, the memory access unit does not permit the memory access and prevents unauthorized access to the memory area that is not to be accessed by the application.    Patent Document 1: Japanese National Publication of International Patent Application No. 2009-537879    Patent Document 2: Japanese Laid-open Patent Publication No. 05-204762    Patent Document 3: Japanese Laid-open Patent Publication No. 2000-235558
However, there is a problem in that, when a failure occurs in an application executed by a node and thus communication is impossible with the other node, the information processing system having the shared memory configuration described above does not correctly perform a failover in which a process to be performed by the failed node is shifted to the other node.
In the following, a description will be given of a case, with reference to FIGS. 37A and 37B, in which a failover is not correctly performed. FIG. 37A is a first schematic diagram illustrating an example in which a failover is not normally performed. FIG. 37B is a second schematic diagram illustrating an example in which a failover is not normally performed. In the example illustrated in FIGS. 37A and 37B, a description will be given of a case in which a problem has occurred in the application executed by a node 55 and thus communication is impossible with the other node.
For example, as illustrated in FIG. 37A, a node 56 receives memory access from the application executed by the node 55; however, because the communication with the node 55 is impossible, the node 56 determines that the node 55 has failed. In such a case, as illustrated in FIG. 37B, a failover is executed in which the process executed by the node 55 is shifted to a node 57.
However, because the node 56 is not able to communicate with the node 55, the node 56 does not allow memory access performed from the node to be stopped the memory access from the node 55. Accordingly, a split brain state occurs in which both the node 55 and the node 57 simultaneously execute the application in the corresponding nodes 55 and 57, and thus a failover is not correctively performed.
Accordingly, it is conceivable that access can be prevented to a memory in a node from another node by using a technology for setting a storage key described above in the information processing system having the shared memory configuration and by changing the storage key. However, with the technology for setting the storage key described above, a single OS sets both a storage key and an application key. Accordingly, when executing OSs in different nodes, i.e., a node of memory access source and a node to be accessed, because the storage key is not changed, it is difficult to prevent access from the failed node.